Samsung Flaw Allows Attackers To Bypass Android Lock Screen.
http://www.youtube.com/watch?feature=player_embedded&v=6i-0t63wOII
Eden tested this on
just one class of handset, the latest U.K. variant of Android 4.1.2 "Jelly
Bean" running on two Samsung Galaxy Note II devices. One was rooted, and
the other not. Both were running the stock launcher and lock screen.
Attackers are able to bypass the lock screen on the Samsung
Galaxy Note II smartphone, a device that the Korean electronics giant is pitching to enterprise customers.
The flaw was first discovered by self-confessed mobile
enthusiast Terence Eden, who outlines how it allows an attacker to bypass
the device's pattern lock, PIN code, longer
alphanumeric password, and even the face unlock security feature.
It's not clear if the flaw lies within Samsung's devices or the
Android platform, or both. However, this flaw may not be limited to Samsung's
Note II or Android 4.1.2, and users and IT managers alike should test their
devices immediately.
From the lock screen, an attacker can hit the emergency contacts
button. Then, by holding down the home button, the unlocked home screen is
momentarily displayed. That alone is enough to see what's on the home screen.
With the right timing, it is possible to direct dial and launch apps, though the
attacker can only see what's briefly displayed rather than directly use the
apps.
Eden described it as a
"reasonably small vulnerability" with "limited
scope," and disclosed the flaw because Samsung doesn't have a "responsible disclosure team."